The Benefits of Java Card in eUICC for IoT Devices

www.thalesgroup.comOPEN

The Benefits of Java Card in eUICC for IoT Devices

Denis Praca – THALESVice chairman of ETSI SCPDeputy chair of GSMA eSIM WGChairman of TCA eUICC WG

This

do

cu

me

nt

ma

y n

ot

be

re

pro

du

ce

d, m

od

ifie

d,

ad

ap

ted

, p

ub

lish

ed

, tr

an

sla

ted

, in

an

y w

ay, in

wh

ole

or

in

pa

rt o

r d

isc

lose

d t

o a

th

ird

pa

rty w

ith

ou

t th

e p

rior

writt

en

co

nse

nt

of

Tha

les

-©

Th

ale

s2

01

8 A

ll rig

hts

re

serv

ed

.

2 The Benefits of Java Card in eUICC for IoT Devices – 12 Nov 2020

Denis Praca - Thales

OPEN

Problem statement

▌Massive IoT deployment is driven by the availability of a lot of low cost

connected devices

Fierce competition leads to high pressure on device pricing

- Every cents is worth to save thus JavaCard may be initially seen as an expensive

solution (Implementation and license)

▌But this may be balanced by the following:

Security requirements and regulations are increasing

- Certification cost can be reduced by reuse of already certified platform and libraries

- JavaCard virtual machine provides process isolation mandatory for secure

applications

- Updates are easier to manage

Wide expertise on secure development of JavaCard applications is available


The standardization and regulatory landscape

This

do

cu

me

nt

ma

y n

ot

be

re

pro

du

ce

d, m

od

ifie

d,

ad

ap

ted

, p

ub

lish

ed

, tr

an

sla

ted

, in

an

y w

ay, in

wh

ole

or

in

pa

rt o

r d

isc

lose

d t

o a

th

ird

pa

rty w

ith

ou

t th

e p

rior

writt

en

co

nse

nt

of

Tha

les

-©

Th

ale

s2

01

8 A

ll rig

hts

re

serv

ed

.



OPEN

ETSI SCP and 3GPP

▌ETSI SCP

The home of UICC

- TS 102 241 and TS 102 705 define

JavaCard APIs

UICC specifications also largely rely on GlobalPlatform JavaCard API specifications

UICC supports primary and secondary applications

▌ 3GPP

Defines JavaCard APIs for

USIM/ISIM and contact manager

This

do

cu

me

nt

ma

y n

ot

be

re

pro

du

ce

d, m

od

ifie

d,

ad

ap

ted

, p

ub

lish

ed

, tr

an

sla

ted

, in

an

y w

ay, in

wh

ole

or

in

pa

rt o

r d

isc

lose

d t

o a

th

ird

pa

rty w

ith

ou

t th

e p

rior

writt

en

co

nse

nt

of

Tha

les

-©

Th

ale

s2

01

8 A

ll rig

hts

re

serv

ed

.



OPEN

GSMA

▌eSIM

JavaCard support is mandatory

for certification of eUICCs for

M2M prior to V4 and for consumer

prior to V3

It becomes optional for newer

releases

However, more than 90% of MNO

Profiles contain at least one

JavaCard application

▌ SAM

Defines an interoperable way to

load third party applications in an

eUICC

▌ IoT SAFE

Leveraging a hardware secure

element, or ‘Root of Trust’, to

establish end-to-end, chip-to-cloud

security for IoT products and

services

This

do

cu

me

nt

ma

y n

ot

be

re

pro

du

ce

d, m

od

ifie

d,

ad

ap

ted

, p

ub

lish

ed

, tr

an

sla

ted

, in

an

y w

ay, in

wh

ole

or

in

pa

rt o

r d

isc

lose

d t

o a

th

ird

pa

rty w

ith

ou

t th

e p

rior

writt

en

co

nse

nt

of

Tha

les

-©

Th

ale

s2

01

8 A

ll rig

hts

re

serv

ed

.



OPEN

TCA (Formerly SIMalliance)

▌eSIM

Defines the format of the data

used to download a Profile on an

eUICC

This specification includes the

installation of JavaCard

applications▌ IoT SAFE

Provides a common mechanism to

secure IoT data communications

This application may either be

interoperable (JavaCard) or native

This

do

cu

me

nt

ma

y n

ot

be

re

pro

du

ce

d, m

od

ifie

d,

ad

ap

ted

, p

ub

lish

ed

, tr

an

sla

ted

, in

an

y w

ay, in

wh

ole

or

in

pa

rt o

r d

isc

lose

d t

o a

th

ird

pa

rty w

ith

ou

t th

e p

rior

writt

en

co

nse

nt

of

Tha

les

-©

Th

ale

s2

01

8 A

ll rig

hts

re

serv

ed

.



OPEN

ENISA: GOOD PRACTICES FOR SECURITY OF IOT* (Extract)NOVEMBER 2019

▌Development / Implementation

Libraries

- Use of trusted security libraries when third-party resources are used, ensuring that they are widely tested based on certain security criteria so as to not compromise the software.

External checks

- Use of mechanisms to ensure that external libraries, tools or APIs used during the SDLC

phases such as development, deployment and maintenance are proven, secure and updated.

▌Testing / Acceptance

Security requirement tests

- Performance of security tests to ensure that software is free of known vulnerabilities and to detect risks related to security requirements

Penetration tests

- Testing to identify potential vulnerabilities that could exist in IoT solutions and could be exploited by an attacker

*:https://www.enisa.europa.eu/publications/good-practices-for-security-of-iot-1

This

do

cu

me

nt

ma

y n

ot

be

re

pro

du

ce

d, m

od

ifie

d,

ad

ap

ted

, p

ub

lish

ed

, tr

an

sla

ted

, in

an

y w

ay, in

wh

ole

or

in

pa

rt o

r d

isc

lose

d t

o a

th

ird

pa

rty w

ith

ou

t th

e p

rior

writt

en

co

nse

nt

of

Tha

les

-©

Th

ale

s2

01

8 A

ll rig

hts

re

serv

ed

.



OPEN

Considerations about certification

▌Number of connected devices is

booming

▌Security, safety and privacy risks

have increased accordingly

▌Scalability (due to high number of devices),

interoperability and application

independence (different devices and purposes) need to be addressed

▌Certification is the main protective means for the users but:

Proper certification is a long and costly process that could be improved by reuse

of certified platform and applications


Analysis of some use cases for JavaCard applications

This

do

cu

me

nt

ma

y n

ot

be

re

pro

du

ce

d, m

od

ifie

d,

ad

ap

ted

, p

ub

lish

ed

, tr

an

sla

ted

, in

an

y w

ay, in

wh

ole

or

in

pa

rt o

r d

isc

lose

d t

o a

th

ird

pa

rty w

ith

ou

t th

e p

rior

writt

en

co

nse

nt

of

Tha

les

-©

Th

ale

s2

01

8 A

ll rig

hts

re

serv

ed

.



OPEN

Use case: Roaming management

▌Roaming management allows MNOs to balance the use of roaming partners for the

benefit of the end user:

Limit or remove roaming cost

Direct subscribers to the best networks and to enhance the customer experience

▌The pure network steering solution can achieve about 75% steering efficiency.

However, by combining the network steering with Over The Air (OTA) commands,

operators can steer more than 95% of roaming traffic onto the most suitable

networks.

More than 90% of MNO’s Profiles come with a JavaCard application, mainly for roaming management

▌Roaming is not limited to smartphone. IoT devices, even low cost, shall be able to

handle roaming application

Additional roaming costs may be much higher that saving on device

This

do

cu

me

nt

ma

y n

ot

be

re

pro

du

ce

d, m

od

ifie

d,

ad

ap

ted

, p

ub

lish

ed

, tr

an

sla

ted

, in

an

y w

ay, in

wh

ole

or

in

pa

rt o

r d

isc

lose

d t

o a

th

ird

pa

rty w

ith

ou

t th

e p

rior

writt

en

co

nse

nt

of

Tha

les

-©

Th

ale

s2

01

8 A

ll rig

hts

re

serv

ed

.



OPEN

Use case: securing the IoT using IoTSAFE

▌IoT devices using 3GPP connectivity shall use a UICC including a USIM

application as defined by 3GPP specifications

Using this UICC or eUICC for securing the IoT comes for free ;-)

In case of eUICC, the IoTSAFE applet has to be interoperable

Combined with SAM, it can be provided by IoT device provider

▌But securing the IoT means more than securing

the communications

The full lifecycle shall be secured from design to

refurbishment*

Enforcement of security by design

Device

application

Device

Middleware

IoT Security

Applet

IoT Server

Application

IoT Server

Middleware

IoT Security

Server

Specified by GSMA

TLSCA1

server

client CA2

O

ROT

A

Ke

y

mg

t

*See : https://www.enisa.europa.eu/publications/guidelines-for-securing-the-internet-of-things


Requirements and trends

This

do

cu

me

nt

ma

y n

ot

be

re

pro

du

ce

d, m

od

ifie

d,

ad

ap

ted

, p

ub

lish

ed

, tr

an

sla

ted

, in

an

y w

ay, in

wh

ole

or

in

pa

rt o

r d

isc

lose

d t

o a

th

ird

pa

rty w

ith

ou

t th

e p

rior

writt

en

co

nse

nt

of

Tha

les

-©

Th

ale

s2

01

8 A

ll rig

hts

re

serv

ed

.



OPEN

Use of secure elements is not limited to devices using 3GPP connectivity

▌IoT devices are controlling our home, health care, security, privacy…

Securing these devices is not an option

▌Benefit of JavaCard Secure Elements:

Reuse of certified components (Hardware and Software)

Easy customization by the addition of JavaCard applications on top of basic

services as IoTSAFE

The SE carries device diversification

- Uniqueness of ID, keys

- Root of trust

Security implies updatability

This

do

cu

me

nt

ma

y n

ot

be

re

pro

du

ce

d, m

od

ifie

d,

ad

ap

ted

, p

ub

lish

ed

, tr

an

sla

ted

, in

an

y w

ay, in

wh

ole

or

in

pa

rt o

r d

isc

lose

d t

o a

th

ird

pa

rty w

ith

ou

t th

e p

rior

writt

en

co

nse

nt

of

Tha

les

-©

Th

ale

s2

01

8 A

ll rig

hts

re

serv

ed

.



OPEN

Integrated SE technology is coming (aka Integrated eUICC, iSIM,…)

▌Integrated SE technology has the potential to secure low cost IoT devices

Easier integration

Lower cost

Security equivalent to traditional embedded secure elements

▌But it may come with reduced flexibility

Harder customization

Diversification can be done only after device assembly

- Very limited amount of internal non-volatile memory

The System on Chip may not be the only element to consider during security

evaluation

- Use of shared external memory

This

do

cu

me

nt

ma

y n

ot

be

re

pro

du

ce

d, m

od

ifie

d,

ad

ap

ted

, p

ub

lish

ed

, tr

an

sla

ted

, in

an

y w

ay, in

wh

ole

or

in

pa

rt o

r d

isc

lose

d t

o a

th

ird

pa

rty w

ith

ou

t th

e p

rior

writt

en

co

nse

nt

of

Tha

les

-©

Th

ale

s2

01

8 A

ll rig

hts

re

serv

ed

.



OPEN

Customization

▌IoT devices are distributed through various channels which often require

branding and customization

MNOs

Service providers

▌Customization may include data exchange protocols, cryptographic

algorithms…

Different country regulations (Type of algorithms, key length, privacy …)

Different data format required by different service providers

▌How to handle security and certification requirements on multiple software

versions?

JavaCard modularity and isolation allow customization while keeping certification

status of the core system

This

do

cu

me

nt

ma

y n

ot

be

re

pro

du

ce

d, m

od

ifie

d,

ad

ap

ted

, p

ub

lish

ed

, tr

an

sla

ted

, in

an

y w

ay, in

wh

ole

or

in

pa

rt o

r d

isc

lose

d t

o a

th

ird

pa

rty w

ith

ou

t th

e p

rior

writt

en

co

nse

nt

of

Tha

les

-©

Th

ale

s2

01

8 A

ll rig

hts

re

serv

ed

.



OPEN

Software update

▌Software security is a moving target

New algorithms vulnerabilities are discovered every year

New type of attacks are emerging

Even certified products may suffer issues

▌Regular updates is mandatory in order to maintain device security

JavaCard, associated with GlobalPlatform architecture and protocols will help to

securely deploy and manage partial updates

- Reduced bandwidth for patch update vs full OS update

- Reduced deployment time

This

do

cu

me

nt

ma

y n

ot

be

re

pro

du

ce

d, m

od

ifie

d,

ad

ap

ted

, p

ub

lish

ed

, tr

an

sla

ted

, in

an

y w

ay, in

wh

ole

or

in

pa

rt o

r d

isc

lose

d t

o a

th

ird

pa

rty w

ith

ou

t th

e p

rior

writt

en

co

nse

nt

of

Tha

les

-©

Th

ale

s2

01

8 A

ll rig

hts

re

serv

ed

.



OPEN

Conclusion

▌When defining an IoT solution, security and privacy shall be a premium concern

▌IoT is not a mass market like smartphones, assembly of pieces of technologies is

more efficient than development from scratch, customization is required

▌Taking security and privacy into account from the beginning of a design, the Total

Cost of Ownership shall take into account:

Development from scratch vs reusability

Full certification vs certification by composition

Management and Deployment of the mandatory updates

Customization as per service providers and country regulations requests

▌At the end, JavaCard may prove to be cheaper and more efficient

to achieve your market goals


Contact:[email protected]

The Benefits of Java Card in eUICC for IoT Devices

Documents

Transcript of The Benefits of Java Card in eUICC for IoT Devices